23 Questions
What is one way to prevent someone from viewing your data?
Using full disk encryption
What does encrypting data at rest refer to?
Encrypting information on a storage drive
What feature of NTFS on Microsoft Windows allows selective encryption of files or folders?
Built-in encryption functionality
Why is it important to manage the decryption key when encrypting data?
To prevent unauthorized access
Where are some decryption keys stored when using Active Directory in Microsoft environments?
Within the Active Directory database
What is a debated topic in the industry regarding user passwords?
The strength of passwords
What security measure should be considered if you work in a public area like a coffee shop or airport?
Installing a privacy filter on the screen
What is the reason for not assigning administrator access to everyone in an organization?
To limit exposure of sensitive information
Why should default accounts on operating systems be avoided?
To prevent unauthorized access
What is the purpose of automatically locking the system after inactivity?
To prevent unauthorized access
What security policy dictates how many failed password attempts result in an account lockout in Microsoft Windows?
Machine account lockout threshold
What is the purpose of disabling guest accounts on devices?
To restrict interactive logins
Why are unnecessary accounts recommended to be disabled on operating systems?
To prevent unauthorized access
What is the purpose of restricting logins during specific hours of the day?
To enhance network security
What is entropy when discussing password complexity?
A measurement of how unpredictable a password is
Why are uppercase, lowercase, and special characters recommended in passwords?
To increase password entropy and complexity
What is generally considered a strong password in today's standards?
8 characters or longer
Why are passwords often configured to automatically expire after a certain amount of time?
To enhance security by changing passwords regularly
Why does a system remember your used passwords?
To ensure the same password is not reused
Why does an attacker target default usernames and passwords on devices?
Because they are commonly unchanged and easily accessible
What is the purpose of an administrator password in UEFI BIOS?
To make changes to BIOS configurations
What is a best practice regarding system passwords?
Always requiring a password and never allowing blank passwords
Why would an operating system automatically lock the screen when a user is away?
To prevent unauthorized access to the system
Study Notes
- Encrypting data is important to keep it secure, especially at rest on storage drives.
- Full disk encryption (FDE) encrypts entire drives for maximum security.
- Individual files or folders can also be encrypted, often built into file systems like NTFS on Windows.
- USB drives should be encrypted due to easy loss.
- Decryption keys should be managed carefully to avoid loss.
- Active Directory can store decryption keys for backup and recovery.
- Complex passwords are essential for strong security, with a focus on entropy (unpredictability).
- Passwords should be 8 characters or longer, contain a mix of uppercase, lowercase, and special characters.
- Password policies encourage regular expiration and password rotation.
- Default usernames and passwords should be changed during setup for device security.
- UEFI BIOS passwords secure access to device configurations.
- Passwords protect access to sensitive Personally Identifiable Information (PII).
- Privacy filters and careful monitor placement can protect sensitive data from prying eyes.
- Access to resources should be granted based on job function and need.
- Administrative access should not be granted to everyone in an organization.
- Group permissions should be assigned to users based on job function.
- Network access can be restricted during certain hours.
- Unnecessary accounts can be disabled.
- Default settings and accounts should be changed for security reasons.
- Account lockout thresholds prevent brute force attacks.
- Interactive logon policies can lock the system after a period of inactivity or user absence.
- AutoRun feature, which automatically executes files on removable media, was removed for security reasons in Windows 7 and later.
Explore the concept of encrypting data at rest using full disk encryption (FDE) to secure information stored on a drive. Learn about encrypting individual files or folders as an alternative approach to enhance data security.
Make Your Own Quizzes and Flashcards
Convert your notes into interactive study material.
Get started for free